I'm struggling with the following
I have a search that a returns all public IP address for which a connection was made on my Cisco ASA 5516-X firewall.
host="192.168.10.2" Built | rex "(?<ip1>\d+.\d+.\d+.\d+/)" max_match=0 | top limit=10000 ip1 | where NOT (ip1 LIKE "192.168.%.%")
I'd like to compare this list against the below blacklist
http://iplists.firehol.org/?ipset=firehol_level1
The primary problem i have is that the IP lists returned are signular and the blacklist is in CIDR notation. Is there a way to compare a list of single IPs to see if they match any entries within a CIDR notation?
Thanks
... View more